API Abuse – The Anatomy of An Attack
A talk given by David Stewart from CriticalBlue at the 2019 Platform Summit in Stockholm.
Gartner’s statement that “By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” is often quoted, but what does an API abuse attack actually look and feel like?
At last year’s Platform Summit, I described 3 different types of API abuse at a high level, summarizing who abuses and why.
The year I will go into anatomical and forensic detail on one specific API abuse attack based on our real experiences, explaining what it looked and felt like through the exploration and probing phase, into the setup and test stage, and finally into the at scale exploitation.
Remembering that API abuse attacks are often carried out at low frequency and with valid user credentials and API keys, the audience will be challenged to consider how their API defense mechanisms would cope against bad actors behaving as described.
Attendees may feel the need to contact their home offices after this presentation, just to check a few things…
Видео API Abuse – The Anatomy of An Attack канала Nordic APIs
Gartner’s statement that “By 2022, API abuses will be the most-frequent attack vector resulting in data breaches for enterprise web applications.” is often quoted, but what does an API abuse attack actually look and feel like?
At last year’s Platform Summit, I described 3 different types of API abuse at a high level, summarizing who abuses and why.
The year I will go into anatomical and forensic detail on one specific API abuse attack based on our real experiences, explaining what it looked and felt like through the exploration and probing phase, into the setup and test stage, and finally into the at scale exploitation.
Remembering that API abuse attacks are often carried out at low frequency and with valid user credentials and API keys, the audience will be challenged to consider how their API defense mechanisms would cope against bad actors behaving as described.
Attendees may feel the need to contact their home offices after this presentation, just to check a few things…
Видео API Abuse – The Anatomy of An Attack канала Nordic APIs
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
The Art of Documentation & Making Your API Go from Good to Great
APIs in the public transport industry — what's next?
What Does It Take to Become a Platform Company?
APIs for the B2B Social Tech Revolution
Digital first Real Estate Banking
Be REST Assured - but What's with API Usability?
The Why & How of Testing APIs
Management and Security of Contextual Communications
Automatic Testing of API Documentation
Content Negotiation for REST APIs
Life After Microservices: Shifting the Boundaries
Why Developers use APIs and what can you do about it.
API Economies: APIs as Bridges from Services to Real Digital Experiences
API and Platform Transformation Patterns to Power Your Business
Human in the loop Workflow Automation
The Next Challenge for API Management: Real Time on the Edge
Accelerating API Development, Testing and Delivery with API Virtualisation
Jacob Has a Horse, Says Travis – a Tale of Truths In a Microservice Architecture
The Four Archetypes of Developer Champion Programmes
The Event Horizon -- Designing API's for the Internet of Things
Journey towards Scaling Your Application to 10 Million Users